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DETAILED ACTION 

1 . This action is in response to tine communication filed on April 16, 2004. Claims 
1-71 were originally received for consideration. No preliminary amendments for the 

claims were received. 

2. Claims 1-71 are currently pending consideration. 

Information Disclosure Statement 

3. Initialed and dated copies of the Applicant IDS form 1449, received on 8/1 7/04, 
1 1/07/05, and 10/03/07, are attached to this Office action. 

Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1, 3-12, 15-20, 22-31, 34-36, 38-47, 50-54, 56-65, and 68-71 are rejected 
under 35 U.S.C. 102(b) as being anticipated by Kumhyr (U.S. Patent Pub. No. US 
2003/0041251 A1). 

Regarding claim 1, Kumhyr discloses: 
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A method of dynamically mitigating a noncompliant password, the method 
comprising the machine-implemented steps of: 

obtaining a password from a user when the user attempts to access a service 
(paragraph 0026: receives a password); 

determining whether the password meets quality criteria (paragraph 0026: 
checks the password for compliance with format specification); and 

if the password does not meet the quality criteria, performing one or more 
responsive actions that relate to accessing the service (paragraph 0027: wherein if the 
password does not comply, a responsive action is taken). 

Claim 3 is rejected as applied above in rejecting claim 1 . Furthermore, Kumhyr 
discloses: 

The method of claim 1 , wherein the step of performing one or more responsive 
actions that relate to accessing the service comprises performing one or more of: 
logging information related to the password; 
sending a report about the password; 

generating an alert about the password; forcing a password change; or 
blocking the user's access to the service (paragraph 0027: wherein the 
password is adjusted to meet the specifications). 

Claim 4 is rejected as applied above in rejecting claim 1 . Furthermore, Kumhyr 
discloses: 
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The method of claim 1 , wherein the method further comprises, if the password 
does meet the quality criteria, providing user access to the service (paragraph 0026: 
wherein if the password meets the specifications, the password is forwarded to the 
specified application). 

Claim 5 is rejected as applied above in rejecting claim 1 . Furthermore, Kumhyr 
discloses: 

The method of claim 1 , wherein the step of determining whether the password 
meets quality criteria further comprises one or more of the steps of: 

performing a dictionary look-up based on the one or more symbols used in the 
password; 

checking the length of the one or more symbols used in the password; 
checking the number of unique characters of the one or more symbols used in 
the password; 

checking the case of the characters in the one or more symbols used in the 
password; 

checking the sequencing of characters in the one or more symbols used in the 

password; or 

performing statistical analysis based on the one or more symbols used in the 
password (paragraph 0027: wherein the number of characters may be adjusted). 
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Claim 6 is rejected as applied above in rejecting claim 1 . Furthermore, Kumhyr 
discloses: 

The method of claim 1 , wherein the step of performing one or more responsive 
actions that relate to accessing the service comprises logging information related to the 
password (paragraph 0027). 

Claim 7 is rejected as applied above in rejecting claim 1 . Furthermore, Kumhyr 
discloses: 

The method of claim 1 , wherein the step of performing one or more responsive 
actions that relate to accessing the service comprises sending a report about the 
password (paragraph 0027: wherein the password is determined to match up with a 
password format specification). 

Claim 8 is rejected as applied above in rejecting claim 1 . Furthermore, Kumhyr 
discloses: 

The method of claim 1 , wherein the step of performing one or more responsive 
actions that relate to accessing the service comprises generating an alert about the 
password (paragraph 0027: wherein the password is determined to match up with a 
password format specification). 

Claim 9 is rejected as applied above in rejecting claim 1 . Furthermore, Kumhyr 
discloses: 
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The method of claim 1 , wherein the step of performing one or more responsive 
actions that relate to accessing the service comprises forcing a password change 
(paragraph 0027: wherein the password is adjusted to meet the specifications). 

Claim 10 is rejected as applied above in rejecting claim 1. Furthermore, Kumhyr 

discloses: 

The method of claim 1 , wherein the step of performing one or more responsive 
actions that relate to accessing the service comprises blocking the user's access to the 

service (paragraph 0027: wherein access to the application is not permitted if the 
password does not meet the format specifications). 

Claim 11 is rejected as applied above in rejecting claim 1. Furthermore, Kumhyr 
discloses: 

The method of claim 1 , wherein obtaining the password from the user comprises 
obtaining the password from the user via a graphical user interface (paragraph 0020: 
receiving a password from a user). 

Claim 12 is rejected as applied above in rejecting claim 1 1 . Furthermore, Kumhyr 
discloses: 

The method of claim 1 , wherein obtaining the password from the user comprises 
obtaining the password from the user via an electronic interface (paragraph 0020: 
receiving a password from a user). 
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Claim 15 is rejected as applied above in rejecting claim 1 . Furthermore, Kumhyr 
discloses: 

The method of claim 1 , wherein the user is associated with a particular user role, 
and wherein determining whether the password meets quality criteria comprises 
determining whether the password meets quality criteria for the particular user role 
(paragraph 0026: wherein the password is checked for compliance with a format 
specification for a target application (user role)). 

Claim 16 is rejected as applied above in rejecting claim 1. Furthermore, Kumhyr 
discloses: 

The method of claim 1 , wherein determining whether the password meets quality 

criteria comprises determining whether the password meets quality criteria for the 
service (paragraph 0026: wherein the password is checked for compliance with a 
format specification for a target application). 

Claim 17 is rejected as applied above in rejecting claim 1 . Furthermore, Kumhyr 
discloses: 

The method of claim 1 , wherein the step of obtaining the password comprises an 
access service obtaining the password from the user when the user attempts to access 
the service, and wherein the access service comprises machine executable instructions 
executing on a particular machine, and the service comprises machine executable 
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instruction executing on tlie same particular macliine (paragrapli 0026: wherein the 
password is to access a target application which could be on the same machine or a 
distinct machine). 

Claim 18 is rejected as applied above in rejecting claim 1. Furthermore, Kumhyr 

discloses: 

The method of claim 1 , wherein the step of obtaining the password comprises an 
access service obtaining the password from the user when the user attempts to access 
the service, and wherein the access service comprises machine executable instructions 
executing on a first machine and the service comprises machine executable instructions 
executing on a second machine, wherein the first machine is distinct from the second 
machine (paragraph 0026: wherein the password is to access a target application 
which could be on the same machine or a distinct machine). 

Regarding claim 19, Kumhyr discloses: 

A method of dynamically mitigating a noncompliant password, the method 
comprising the machine-implemented steps of: 

obtaining a password from a user when the user attempts to access a service 
(paragraph 0026: receives a password); 

determining whether the password meets quality criteria (paragraph 0026: 
checks the password for compliance with format specification); and 

if the password does not meet the quality criteria, performing one or more of: 
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forcing a password change (paragraph 0027: wherein the password is adjusted 
to meet the specifications); or 

blocking the user's access to the service; and 

wherein the step of determining whether the password meets quality criteria 
further comprises one or more of the steps of: 

performing a dictionary look-up based on the one or more symbols used In the 
password; 

checking the length of the one or more symbols used in the password; 
checking the number of unique characters of the one or more symbols used in 
the password; 

checking the case of the characters in the one or more symbols used in the 
password; 

checking the sequencing of characters in the one or more symbols used in the 

password; or 

performing statistical analysis based on the one or more symbols used in the 
password (paragraph 0027: wherein the number of characters may be adjusted). 

Regarding claim 20, Kumhyr discloses: 

A machine-readable medium carrying one or more sequences of Instructions for 
dynamically mitigating a noncompliant password, which instructions, when executed by 
one or more processors, cause the one or more processors to carry out the steps of: 
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obtaining a password from a user when the user attempts to access a service 
(paragraph 0026: receives a password); 

determining whether the password meets quality criteria (paragraph 0026: 
checks the password for compliance with format specification); and 

if the password does not meet the quality criteria, performing one or more 
responsive actions that relate to accessing the service (paragraph 0027: wherein if the 
password does not comply, a responsive action is taken). 

Claim 22 is rejected as applied above in rejecting claim 20. Furthermore, Kumhyr 
discloses: 

The machine-readable medium of claim 20, wherein the step of performing one 
or more responsive actions that relate to accessing the service comprises performing 
one or more of: 

logging information related to the password; 

sending a report about the password; 

generating an alert about the password; 

forcing a password change; or 

blocking the user's access to the service (paragraph 0027: wherein the 
password is adjusted to meet the specifications). 

Claim 23 is rejected as applied above in rejecting claim 20. Furthermore, Kumhyr 
discloses: 
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The machine-readable medium of claim 20, further comprising instructions which, 
when executed by the one or more processors, cause the one or more processors to 
carry out the step of, if the password does meet the quality criteria, providing user 
access to the service (paragraph 0026: wherein if the password meets the 
specifications, the password is forwarded to the specified application). 

Claim 24 is rejected as applied above in rejecting claim 20. Furthermore, Kumhyr 
discloses: 

The machine-readable medium of claim 20, wherein the step of determining 
whether the password meets quality criteria further comprises one or more of the steps 
of: performing 

a dictionary look-up based on the one or more symbols used in the password; 

checking the length of the one or more symbols used in the password; 
checking the number of unique characters of the one or more symbols used in 
the password; 

checking the case of the characters in the one or more symbols used in the 
password; 

checking the sequencing of characters in the one or more symbols used in the 
password; or 

performing statistical analysis based on the one or more symbols used in the 
password (paragraph 0027: wherein the number of characters may be adjusted). 
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Claim 25 is rejected as applied above in rejecting claim 20. Furthermore, Kumhyr 
discloses: 

The machine-readable medium of claim 20, wherein the step of performing one 
or more responsive actions that relate to accessing the service comprises logging 
information related to the password (paragraph 0027). 

Claim 26 is rejected as applied above in rejecting claim 20. Furthermore, Kumhyr 
discloses: 

The machine-readable medium of claim 20, wherein the step of performing one 
or more responsive actions that relate to accessing the service comprises sending a 
report about the password (paragraph 0027: wherein the password is determined to 
match up with a password format specification). 

Claim 27 is rejected as applied above in rejecting claim 20. Furthermore, Kumhyr 
discloses: 

The machine-readable medium of claim 20, wherein the step of performing one 
or more responsive actions that relate to accessing the service comprises generating an 
alert about the password (paragraph 0027: wherein the password is determined to 
match up with a password format specification). 

Claim 28 is rejected as applied above in rejecting claim 20. Furthermore, Kumhyr 
discloses: 
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The machine-readable medium of claim 20, wherein the step of performing one 
or more responsive actions that relate to accessing the service comprises forcing a 
password change (paragraph 0027: wherein the password is adjusted to meet the 
specifications). 

Claim 29 is rejected as applied above in rejecting claim 20. Furthermore, Kumhyr 
discloses: 

The machine-readable medium of claim 20, wherein the step of performing one 
or more responsive actions that relate to accessing the service comprises blocking the 
user's access to the service (paragraph 0027: wherein access to the application is not 
permitted if the password does not meet the format specifications). 

Claim 30 is rejected as applied above in rejecting claim 20. Furthermore, Kumhyr 
discloses: 

The machine-readable medium of claim 20, wherein obtaining the password from 
the user comprises obtaining the password from the user via a graphical user interface 
(paragraph 0020: receiving a password from a user). 

Claim 31 is rejected as applied above in rejecting claim 20. Furthermore, Kumhyr 
discloses: 
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The machine-readable medium of claim 20, wherein obtaining the password from 
the user comprises obtaining the password from the user via an electronic interface 
(paragraph 0020: receiving a password from a user). 

Claim 34 is rejected as applied above in rejecting claim 20. Furthermore, Kumhyr 

discloses: 

The machine-readable medium of claim 20, wherein the user is associated with a 
particular user role, and wherein determining whether the password meets quality 
criteria comprises determining whether the password meets quality criteria for the 
particular user role, (paragraph 0026: wtierein tine password is checked for compliance 
witli a format specification for a target application (user role)). 

Claim 35 is rejected as applied above in rejecting claim 20. Furthermore, Kumhyr 
discloses: 

The machine-readable medium of claim 20, wherein determining whether the 
password meets quality criteria comprises determining whether the password meets 
quality criteria for the service (paragraph 0026: wherein the password is checked for 
compliance with a format specification for a target application). 

Regarding claim 36, Kumhyr discloses: 

An apparatus for dynamically mitigating a noncompliant password, comprising: 
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means for obtaining a password from a user wlien tlie user attempts to access a 
service (paragraph 0026: receives a password); 

means for determining wlietlier tine password meets quality criteria (paragrapli 
0026: checks the password for compliance with format specification); and 

means for performing one or more responsive actions that relate to accessing the 
service if the password does not meet the quality criteria (paragraph 0027: wherein if 
the password does not comply, a responsive action is taken). 

Claim 38 is rejected as applied above in rejecting claim 36. Furthermore, Kumhyr 
discloses: 

The apparatus of claim 36, wherein the means for performing one or more 
responsive actions that relate to accessing the service comprises one or more of: 
means for logging information related to the password; 
means for sending a report about the password; 
means for generating an alert about the password; 
means for forcing a password change; or 

means for blocking the user's access to the service (paragraph 0027: wherein 
the password is adjusted to meet the specifications). 

Claim 39 is rejected as applied above in rejecting claim 36. Furthermore, Kumhyr 
discloses: 
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The apparatus of claim 36, wherein the apparatus further comprises means for 
providing user access to the service if the password does meet the quality criteria 
(paragraph 0026: wherein if the password meets the specifications, the password is 
fonvarded to the specified application). 

Claim 40 is rejected as applied above in rejecting claim 36. Furthermore, Kumhyr 
discloses: 

The apparatus of claim 36, wherein the means for determining whether the 
password meets quality criteria further comprises one or more of: 

means for performing a dictionary look-up based on the one or more symbols 
used in the password; 

means for checking the length of the one or more symbols used in the password; 

means for checking the number of unique characters of the one or more symbols 
used in the password; 

means for checking the case of the characters in the one or more symbols used 
in the password; 

means for checking the sequencing of characters in the one or more symbols 
used in the password; or 

means for performing statistical analysis based on the one or more symbols used 
in the password (paragraph 0027: wherein the number of characters maybe adjusted). 
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Claim 41 is rejected as applied above in rejecting claim 36. Furthermore, Kumhyr 
discloses: 

The apparatus of claim 36, wherein the means for performing one or more 
responsive actions that relate to accessing the service comprises means for logging 
information related to the password (paragraph 0027). 

Claim 42 is rejected as applied above in rejecting claim 36. Furthermore, Kumhyr 
discloses: 

The apparatus of claim 36, wherein the means for performing one or more 
responsive actions that relate to accessing the service comprises means for sending a 
report about the password (paragraph 0027: wherein the password is determined to 
match up with a password format specification). 

Claim 43 is rejected as applied above in rejecting claim 36. Furthermore, Kumhyr 
discloses: 

The apparatus of claim 36, wherein the means for performing one or more 

responsive actions that relate to accessing the service comprises means for generating 
an alert about the password (paragraph 0027: wherein the password is determined to 
match up with a password format specification). 

Claim 44 is rejected as applied above in rejecting claim 36. Furthermore, Kumhyr 
discloses: 
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The apparatus of claim 36, wherein the means for performing one or more 
responsive actions that relate to accessing the service comprises means for forcing a 
password change (paragraph 0027: wherein the password is adjusted to meet the 
specifications). 

Claim 45 is rejected as applied above in rejecting claim 36. Furthermore, Kumhyr 
discloses: 

The apparatus of claim 36, wherein the means for performing one or more 

responsive actions that relate to accessing the service comprises means for blocking 
the user's access to the service (paragraph 0027: wherein access to the application is 
not permitted if the password does not meet the format specifications). 

Claim 46 is rejected as applied above in rejecting claim 36. Furthermore, Kumhyr 
discloses: 

The apparatus of claim 36, wherein the means for obtaining the password from 
the user comprises means for obtaining the password from the user via a graphical user 
interface (paragraph 0020: receiving a password from a user). 

Claim 47 is rejected as applied above in rejecting claim 36. Furthermore, Kumhyr 
discloses: 
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The apparatus of claim 36, wherein the means for obtaining the password from 
the user comprises means for obtaining the password from the user via an electronic 
interface (paragraph 0020: receiving a password from a user). 

Claim 50 is rejected as applied above in rejecting claim 36. Furthermore, Kumhyr 

discloses: 

The apparatus of claim 36, wherein the user is associated with a particular user 
role, and wherein means for determining whether the password meets quality criteria 

comprises means for determining whether the password meets quality criteria for the 
particular user role (paragraph 0026: wlierein tlie password is checked for compliance 
witli a format specification for a target application (user role)). 

Claim 51 is rejected as applied above in rejecting claim 36. Furthermore, Kumhyr 
discloses: 

The apparatus of claim 36, wherein means for determining whether the password 
meets quality criteria comprises means for determining whether the password meets 

quality criteria for the service (paragraph 0026: wlierein if the password meets the 
specifications, the password is fonA/arded to the specified application). 

Claim 52 is rejected as applied above in rejecting claim 36. Furthermore, Kumhyr 
discloses: 
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The apparatus of claim 36, wherein the means for obtaining the password 
comprises means for an access service to obtain the password from the user when the 
user attempts to access the service, and wherein the access service comprises means 
for executing on a particular machine, and wherein the service comprises means for 

executing on the same particular machine (paragraph 0026: wherein the password is to 
access a target application which could be on the same machine or a distinct machine). 

Claim 53 is rejected as applied above in rejecting claim 36. Furthermore, Kumhyr 
discloses: 

The apparatus of claim 36, wherein the means for obtaining the password 
comprises means for an access service to obtain the password from the user when the 
user attempts to access the service, and wherein the access service comprises means 
for executing on a first machine and the service comprises means for executing on a 
second machine, wherein the first machine is distinct from the second machine 
(paragraph 0026: wherein the password is to access a target application which could 
be on the same machine or a distinct machine). 

Regarding claim 54, Kumhyr discloses: 

An apparatus for dynamically mitigating a noncompliant password, comprising: 
a network interface that is coupled to the data network for receiving one or more 

packet flows therefrom (paragraph 0026); 
a processor (paragraph 0026); 



Application/Control Number: 10/825,827 Page 21 

Art Unit: 2131 

one or more stored sequences of instructions which, when executed by the 
processor, cause the processor to carry out the steps of: 

obtaining a password from a user when the user attempts to access a service 
(paragraph 0026: receives a password); 

determining whether the password meets quality criteria (paragraph 0026: 
checks the password for compliance with format specification); and 

if the password does not meet the quality criteria, performing one or more 
responsive actions that relate to accessing the service (paragraph 0027: wherein if the 
password does not comply, a responsive action is taken). 

Claim 56 is rejected as applied above in rejecting claim 54. Furthermore, Kumhyr 
discloses: 

The apparatus of claim 54, wherein the step of performing one or more 
responsive actions that relate to accessing the service comprises performing one or 
more of: 

logging information related to the password; 
sending a report about the password; 
generating an alert about the password; 
forcing a password change; or 

blocking the user's access to the service (paragraph 0027: wherein the 
password is adjusted to meet the specifications). 
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Claim 57 is rejected as applied above in rejecting claim 54. Furthermore, Kumhyr 
discloses: 

The apparatus of claim 54, wherein the apparatus further comprises one or more 
stored sequences of instructions which, when executed by the processor, cause the 

processor to carry out the step of, if the password does meet the quality criteria, 
providing user access to the service (paragraph 0026: wherein if the password meets 
the specifications, the password is forwarded to the specified application). 

Claim 58 is rejected as applied above in rejecting claim 54. Furthermore, Kumhyr 
discloses: 

The apparatus of claim 54, wherein the step of determining whether the 
password meets quality criteria comprises one or more of the steps of: 

performing a dictionary look-up based on the one or more symbols used in the 
password; 

checking the length of the one or more symbols used in the password; 
checking the number of unique characters of the one or more symbols used in 
the password; 

checking the case of the characters in the one or more symbols used in the 

password; 

checking the sequencing of characters in the one or more symbols used in the 
password; or 
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performing statistical analysis based on the one or more symbols used in the 
password (paragraph 0027: wherein the number of characters may be adjusted). 

Claim 59 Is rejected as applied above In rejecting claim 54. Furthermore, Kumhyr 
discloses: 

The apparatus of claim 54, wherein the step of performing one or more 
responsive actions that relate to accessing the service comprises logging Information 
related to the password (paragraph 0027). 

Claim 60 is rejected as applied above In rejecting claim 54. Furthermore, Kumhyr 
discloses: 

The apparatus of claim 54, wherein the step of performing one or more 

responsive actions that relate to accessing the service comprises sending a report 
about the password (paragraph 0027: wherein the password is determined to match up 
with a password format specification). 

Claim 61 Is rejected as applied above In rejecting claim 54. Furthermore, Kumhyr 
discloses: 

The apparatus of claim 54, wherein the step of performing one or more 
responsive actions that relate to accessing the service comprises generating an alert 
about the password (paragraph 0027: wherein the password is determined to match up 
with a password format specification). 
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Claim 62 is rejected as applied above in rejecting claim 54. Furthermore, Kumhyr 
discloses: 

The apparatus of claim 54, wherein the step of performing one or more 

responsive actions that relate to accessing the service comprises forcing a password 
change (paragraph 0027: wherein the password is adjusted to meet the specifications). 

Claim 63 is rejected as applied above in rejecting claim 54. Furthermore, Kumhyr 
discloses: 

The apparatus of claim 54, wherein the step of performing one or more 
responsive actions that relate to accessing the service comprises blocking the user's 
access to the service (paragraph 0027: wherein access to the application is not 
permitted if the password does not meet the format specifications). 

Claim 64 is rejected as applied above in rejecting claim 54. Furthermore, Kumhyr 
discloses: 

The apparatus of claim 54, wherein obtaining the password from the user 
comprises obtaining the password from the user via a graphical user interface 
(paragraph 0020: receiving a password from a user). 

Claim 65 is rejected as applied above in rejecting claim 54. Furthermore, Kumhyr 
discloses: 
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The apparatus of claim 54, wherein obtaining the password from the user 
comprises obtaining the password from the user via an electronic interface (paragraph 
0020: receiving a password from a user). 

Claim 68 is rejected as applied above in rejecting 54. Furthermore, Kumhyr discloses: 
The apparatus of claim 54, wherein the user is associated with a particular user 
role, and wherein determining whether the password meets quality criteria comprises 
determining whether the password meets quality criteria for the particular user role 

(paragraph 0026: wherein tlie password is cliecked for compliance wiW a format 
specification for a target application (user role)). 

Claim 69 is rejected as applied above in rejecting claim 54. Furthermore, Kumhyr 
discloses: 

The apparatus of claim 54, wherein determining whether the password meets 
quality criteria comprises determining whether the password meets quality criteria for 
the service (paragraph 0026: wherein if the password meets the specifications, the 
password is fonA/arded to the specified application). 

Claim 70 is rejected as applied above in rejecting claim 54. Furthermore, Kumhyr 
discloses: 

The apparatus of claim 54, wherein the step of obtaining the password comprises 
an access service obtaining the password from the user when the user attempts to 
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access the service, and wherein the access service comprises machine executable 
instructions executing on the apparatus, and the service comprises machine executable 
instruction executing on the same apparatus (paragraph 0026: wherein the password is 
to access a target application which could be on the same machine or a distinct 
machine). 

Claim 71 is rejected as applied above in rejecting claim 54. Furthermore, Kumhyr 
discloses: 

The apparatus of claim 54, wherein the step of obtaining the password comprises 
an access service obtaining the password from the user when the user attempts to 
access the service, and wherein the access service comprises machine executable 
instructions executing on a first machine and the service comprises machine executable 
instructions executing on a second machine, wherein the first machine is distinct from 
the second machine (paragraph 0026: wherein the password is to access a target 
application which could be on the same machine or a distinct machine). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or deschbed as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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Claims 2, 21 37, and 55 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Kumhyr (U.S. Patent Pub. No. US 2004/0250139 A1) in view of 
Wood et al. (U.S. Patent 6,944,761). 

Claim 2 is rejected as applied above in rejecting claim 1 . Kumhyr does not 
explicitly disclose granting a first level of access based on a first quality criteria, and 
granting a second level of access based on meeting a second level of quality criteria. 
Wood teaches granting different levels of trust level based on the authentication 
information (passwords) (Wood: column 17, lines 45-60). It would have been obvious 
to use the method of providing different levels of access with different passwords to 
provide an "authentication level commensurate with the authentication requirements of 
at least one of the information resources" (Wood: column 4, lines 7-13). 

Claim 21 is rejected as applied above in rejecting claim 20. Kumhyr does not 
explicitly disclose granting a first level of access based on a first quality criteria, and 
granting a second level of access based on meeting a second level of quality criteria. 
Wood teaches granting different levels of trust level based on the authentication 
information (passwords) (Wood: column 17, lines 45-60). It would have been obvious 
to use the method of providing different levels of access with different passwords to 
provide an "authentication level commensurate with the authentication requirements of 
at least one of the information resources" (Wood: column 4, lines 7-13). 
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Claim 37 is rejected as applied above in rejecting claim 36. Kumhyr does not 
explicitly disclose granting a first level of access based on a first quality criteria, and 
granting a second level of access based on meeting a second level of quality criteria. 
Wood teaches granting different levels of trust level based on the authentication 
information (passwords) (Wood: column 17, lines 45-60). It would have been obvious 
to use the method of providing different levels of access with different passwords to 
provide an "authentication level commensurate with the authentication requirements of 
at least one of the information resources" (Wood: column 4, lines 7-13). 

Claim 55 is rejected as applied above in rejecting claim 54. Kumhyr does not 
explicitly disclose granting a first level of access based on a first quality criteria, and 
granting a second level of access based on meeting a second level of quality criteria. 
Wood teaches granting different levels of trust level based on the authentication 
information (passwords) (Wood: column 17, lines 45-60). It would have been obvious 
to use the method of providing different levels of access with different passwords to 
provide an "authentication level commensurate with the authentication requirements of 
at least one of the information resources" (Wood: column 4, lines 7-13). 

Claims 13, 32, 48, and 66 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Kumhyr (U.S. Patent Pub. No. US 2004/0250139 A1) in view of 
Hurley (U.S. Patent Pub. US 2004/0250139 A1). 



Application/Control Number: 10/825,827 Page 29 

Art Unit: 2131 

Claim 13 is rejected as applied above in rejecting claim 1 . Kumhyr does not 
explicitly disclose that a quality score is generated for a password, which is compared to 
a threshold value. Hurley discloses a system using a quality meter which compares the 
quality of password to the minimum threshold, and if it does not meet it, a message is 
displayed (Hurley: paragraph 0030). Hurley and Kumhyr are analogous arts because 
both have to do with passwords and measuring their quality. It would have been 
obvious to one of ordinary skill in the art to use the quality meter of Hurley in the system 
of Kumhyr to check if a password is vulnerable to cracking and to notify the user on how 
to improve the quality (Hurley: paragraphs 0004-0005). 

Claim 32 is rejected as applied above in rejecting claim 20. Kumhyr does not 
explicitly disclose that a quality score is generated for a password, which is compared to 

a threshold value. Hurley discloses a system using a quality meter which compares the 
quality of password to the minimum threshold, and if it does not meet it, a message is 
displayed (Hurley: paragraph 0030). Hurley and Kumhyr are analogous arts because 
both have to do with passwords and measuring their quality. It would have been 
obvious to one of ordinary skill in the art to use the quality meter of Hurley in the system 
of Kumhyr to check if a password is vulnerable to cracking and to notify the user on how 
to improve the quality (Hurley: paragraphs 0004-0005). 

Claim 48 is rejected as applied above in rejecting claim 36. Kumhyr does not 
explicitly disclose that a quality score is generated for a password, which is compared to 
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a threshold value. Hurley discloses a system using a quality meter which compares the 
quality of password to the minimum threshold, and if it does not meet it, a message is 
displayed (Hurley: paragraph 0030). Hurley and Kumhyr are analogous arts because 
both have to do with passwords and measuring their quality. It would have been 
obvious to one of ordinary skill in the art to use the quality meter of Hurley in the system 
of Kumhyr to check if a password is vulnerable to cracking and to notify the user on how 
to improve the quality (Hurley: paragraphs 0004-0005). 

Claim 66 is rejected as applied above in rejecting claim 54. Kumhyr does not 
explicitly disclose that a quality score is generated for a password, which is compared to 
a threshold value. Hurley discloses a system using a quality meter which compares the 
quality of password to the minimum threshold, and if it does not meet it, a message is 
displayed (Hurley: paragraph 0030). Hurley and Kumhyr are analogous arts because 
both have to do with passwords and measuring their quality. It would have been 
obvious to one of ordinary skill in the art to use the quality meter of Hurley in the system 
of Kumhyr to check if a password is vulnerable to cracking and to notify the user on how 
to improve the quality (Hurley: paragraphs 0004-0005). 

Claims 14, 33, and 67 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Kumhyr (U.S. Patent Pub. No. US 2004/0250139 A1) in view of 
Casco-Arias et al. (U.S. Patent Pub. No. US 2004/0250141 A1). 
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Claim 14 Is rejected as applied above in rejecting claim 1 . Furthermore, Kumhyr 
discloses: 

making a first determination whether the password meets quality criteria 
(paragraph 0026: wherein if the password meets the specifications, the password is 
forwarded to the specified application); 

storing in a particular machine-readable medium an indication of the first 
determination of the password (paragraph 0026: wherein if the password meets the 
specifications, the password is forwarded to the specified application (machine))) 

wherein the step of determining whether the password meets quality criteria 
comprises accessing the particular machine-readable medium ((paragraph 0026: 
wherein if the password meets the specifications, the password is fonvarded to the 
specified application). 

Kumhyr does not explicitly disclose obtaining a password from a repository of 
passwords. Casco-Arias teaches a password repository to store passwords (Casco- 
Arlas: paragraph 0019). The password repository of Casco-Arlas could be used with 
the system of Kumhyr to store passwords which are generated. It would have been 
obvious to use the password repository of Casco-Arias in the system of Kumhyr so that 
"passwords may be centrally managed according to shared password policies" which 
can provide "more uniform levels of password strength among the data processing 
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systems and may allow a user to request and/or change passwords in a more 
consistent manner" (Casco-Arias: paragraph 0007). 

Claim 33 is rejected as applied above in rejecting claim 20. Furthermore, Kumhyr 
discloses: 

The machine-readable medium of claim 20, further comprising instructions which, 
when executed by the one or more processors, cause the one or more processors to 
carry out the steps of: 

making a first determination whether the password meets quality criteria 
(paragraph 0026: wherein if the password meets the specifications, the password is 
foDA/arded to the specified application); 

storing in a particular machine-readable medium an indication of the first 
determination of the password (paragraph 0026: wherein if the password meets the 
specifications, the password is fonA/arded to the specified application (machine))) 

wherein the step of determining whether the password meets quality criteria 
comprises accessing the particular machine-readable medium ((paragraph 0026: 
wherein if the password meets the specifications, the password is forwarded to the 
specified application). 

Kumhyr does not explicitly disclose obtaining a password from a repository of 
passwords. Casco-Arias teaches a password repository to store passwords (Casco- 
Arias: paragraph 0019). The password repository of Casco-Arias could be used with 
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the system of Kumhyr to store passwords which are generated. It would have been 
obvious to use the password repository of Casco-Arias in the system of Kumhyr so that 
"passwords may be centrally managed according to shared password policies" which 
can provide "more uniform levels of password strength among the data processing 
systems and may allow a user to request and/or change passwords in a more 
consistent manner" (Casco-Arias: paragraph 0007). 

Claim 67 is rejected as applied above in rejecting claim 54. Furthermore, Kumhyr 
discloses: 

The apparatus of claim 54, further comprising one or more stored sequences of 
instructions which, when executed by the processor, cause the processor to carry out 
the steps of: 

making a first determination whether the password meets quality criteria 
(paragraph 0026: wherein if the password meets the specifications, the password is 
fonA/arded to the specified application); 

storing in a particular machine-readable medium an indication of the first 
determination of the password (paragraph 0026: wherein if the password meets the 
specifications, the password is forwarded to the specified application (machine))) 

wherein the step of determining whether the password meets quality criteria 
comprises accessing the particular machine-readable medium ((paragraph 0026: 
wherein if the password meets the specifications, the password is forwarded to the 
specified application). 
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Kumhyr does not explicitly disclose obtaining a password fronn a repository of 
passwords. Casco-Arias teaches a password repository to store passwords (Casco- 
Arias: paragraph 0019). The password repository of Casco-Arias could be used with 
the system of Kumhyr to store passwords which are generated. It would have been 
obvious to use the password repository of Casco-Arias in the system of Kumhyr so that 
"passwords may be centrally managed according to shared password policies" which 
can provide "more uniform levels of password strength among the data processing 
systems and may allow a user to request and/or change passwords in a more 
consistent manner" (Casco-Ahas: paragraph 0007). 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to KAVEH ABRISHAMKAR whose telephone number is 
(571)272-3786. The examiner can normally be reached on Monday thru Friday 8-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Kaveh Abrishamkar/ 
Examiner, Art Unit 2131 

IK. A./ 
06/16/2008 

Examiner, Art Unit 2131 



